windows users having trouble authenticating
Sallee, Stephen (Jake)
Jake.Sallee at umhb.edu
Mon Aug 2 21:52:41 CEST 2010
I have a working FreeRADIUS server that will authenticate linux clients
happily, however my windows clients are unable to authenticate. Here is
a snippet
--------------------------------------------------
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 7
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4
[peap] EAPTLS_OTHERS
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [test1 at umhb] (from client Sanderford port 129 cli
00-17-C4-F0-75-C8)
Using Post-Auth-Type Reject
--------------------------------------------------
As you can see the problem seems to lie in the TLS section, but I have
followed all the HOWTOs I can find on installing and configuring the
server cert. but to no avail. How do I tell the FreeRADIUS box to
trust its own certificate? The cert was generated and signed on the
FreeRADIUS box.
Also as a side note, the linux users are able to authenticate by typing
in domain\username, but doing this on a windows box shows very strange
things in the radius log, and fails to authenticate. Is there a way to
make both operating systems behave the same? Otherwise my windows
clients must use the username at domain convention, once I get that working
:)
Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221
More information about the Freeradius-Users
mailing list